Saturday, April 7, 2018

Carrier Support Carrier MPLS Inter AS L3 VPN IOS and XR Part 1

CSC is a topic that I covered a while back when I was hitting CCNP SP but now that I am working towards CCIE SP I decided to cover it again with a deeper look for both IOS and XR. In Part 1, we will cover the configuration of the 2 Tier 2 ISPs and the Core Tier 1 ISP as there is a lot of configuration to initially setup IS-IS/OSPF/LDP/MP-BGP and VRF Aware Routing. That's what this post will consist of. There are several minor variants how CSC can get deployed and we'll focus on the Label Unicast CSC CE to CSC PE eBGP peerings, advertising IS-IS routes via BGP network statements and filtering BGP learned routes into IS-IS via a /32 only prefix list.

The whole point is intelligently propagate routes and control what is learned. There are several other minor configuration options we could test, but I'll leave that for the RIT SPv4 workbooks and video series to cover.

CSC is also commonly referred to as Hierarchical VPN, I don't specify L3VPN as L2VPN, mVPN and other 6VPE are also supported. We'll be focusing on L3 VPN. The concept of CSC as I mentioned in a previous post is to allow regionally based SPs to extend their reach beyond their local SPs. The cool thing is the core SP treats the regional SPs as a customer and not another SP, this means that Inter AS VPN techniques, A, B, C and D don't apply. The VRF configuration is completed on the PE router that connects to the PE router of the regional SP. The regional SP doesn't configure a VRF unless they connect to a customer on the same device. This caveat might not be 100% true in other Inter AS solutions but it is true in this one.

-------------------Left Regional SP--------------------------------
R1
router isis 50693
 net 49.0000.0000.0000.0001.00
 is-type level-2-only
 metric-style wide
 mpls ldp autoconfig
!
interface Loopback0
 ip router isis 50693
!
interface GigabitEthernet1.17
 ip router isis 50693
!
interface GigabitEthernet1.18
 ip router isis 50693
!
vrf definition CSC
 rd 1:1
 route-target export 1:1
 route-target import 1:1
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
interface GigabitEthernet1.21
 encapsulation dot1Q 21
 vrf forwarding CSC
 ip address 100.64.21.1 255.255.255.0
end
!
router bgp 50693
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 192.0.2.3 remote-as 50693
 neighbor 192.0.2.3 update-source Loopback0
 neighbor 192.0.2.8 remote-as 50693
 neighbor 192.0.2.8 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 192.0.2.8 activate
  neighbor 192.0.2.8 send-community extended
  neighbor 192.0.2.8 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf CSC
  network 100.64.21.0 mask 255.255.255.0
  neighbor 100.64.21.2 remote-as 65002
  neighbor 100.64.21.2 activate
 exit-address-family


R7
router isis 50693
 net 49.0000.0000.0000.0007.00
 is-type level-2-only
 metric-style wide
 mpls ldp autoconfig
!
interface Loopback0
 ip router isis 50693
!
interface GigabitEthernet1.17
 ip router isis 50693
!
interface GigabitEthernet1.75
 ip router isis 50693
!
interface GigabitEthernet1.78
 ip router isis 50693
!
interface GigabitEthernet1.157
 ip router isis 50693

R5
router isis 50693
 net 49.0000.0000.0000.0005.00
 is-type level-2-only
 metric-style wide
 redistribute bgp 50693 route-map RM_BGP_ROUTES
 mpls ldp autoconfig
!
router bgp 50693
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 100.64.56.6 remote-as 2
 neighbor 192.0.2.8 remote-as 50693
 neighbor 192.0.2.8 update-source Loopback0
 !
 address-family ipv4
  network 192.0.2.1 mask 255.255.255.255
  network 192.0.2.8 mask 255.255.255.255
  network 192.0.2.15 mask 255.255.255.255
  neighbor 100.64.56.6 activate
  neighbor 100.64.56.6 allowas-in
  neighbor 100.64.56.6 send-label
 exit-address-family
 !
 address-family vpnv4
  neighbor 192.0.2.8 activate
  neighbor 192.0.2.8 send-community extended
  neighbor 192.0.2.8 next-hop-self
 exit-address-family
!
ip prefix-list PL_BGP_ROUTES seq 5 permit 0.0.0.0/0 ge 32
!
route-map RM_BGP_ROUTES permit 10
 match ip address prefix-list PL_BGP_ROUTES


-------------------Core SP------------------------------------------
R6
router ospf 50693
 network 100.64.106.0 0.0.0.255 area 0
 mpls ldp autoconfig
!
interface Loopback0
 ip ospf 50693 area 0
!
vrf definition CSC
 rd 1:1
 route-target export 1:1
 route-target import 1:1
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
interface GigabitEthernet1.56
 encapsulation dot1Q 56
 vrf forwarding CSC
 ip address 100.64.56.6 255.255.255.0
 mpls bgp forwarding
!
router bgp 2
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 192.0.2.23 remote-as 2
 neighbor 192.0.2.23 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 192.0.2.23 activate
  neighbor 192.0.2.23 send-community extended
  neighbor 192.0.2.23 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf CSC
  neighbor 100.64.56.5 remote-as 50693
  neighbor 100.64.56.5 activate
  neighbor 100.64.56.5 send-label
 exit-address-family

R10
router ospf 50693
 network 100.64.0.0 0.0.255.255 area 0
 mpls ldp autoconfig
!
interface Loopback0
 ip ospf 50693 area 0

R11
router ospf 50693
 network 100.64.110.0 0.0.0.255 area 0
 mpls ldp autoconfig
!
interface Loopback0
 ip ospf 50693 area 0
!
vrf definition CSC
 rd 1:1
 route-target export 1:1
 route-target import 1:1
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
!
interface GigabitEthernet1.112
 encapsulation dot1Q 112
 vrf forwarding CSC
 ip address 100.64.112.11 255.255.255.0
 mpls bgp forwarding
!
router bgp 2
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 192.0.2.23 remote-as 2
 neighbor 192.0.2.23 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 192.0.2.23 activate
  neighbor 192.0.2.23 send-community extended
  neighbor 192.0.2.23 next-hop-self
  neighbor 192.0.2.23 route-map RM_LP in
 exit-address-family
 !
 address-family ipv4 vrf CSC
  neighbor 100.64.112.12 remote-as 50693
  neighbor 100.64.112.12 activate
  neighbor 100.64.112.12 as-override
  neighbor 100.64.112.12 send-label
 exit-address-family

XR2
router ospf 50693
 area 0
  mpls ldp auto-config
  interface Loopback0
  !
  interface GigabitEthernet0/0/0/0.123
  !
!
mpls ldp


XR3
router ospf 50693
 area 0
  mpls ldp auto-config
  interface Loopback0
  !
  interface GigabitEthernet0/0/0/0.103
  !
  interface GigabitEthernet0/0/0/0.123
  !
  interface GigabitEthernet0/0/0/0.134
  !
!
mpls ldp


XR4
router ospf 50693
 area 0
  mpls ldp auto-config
  interface Loopback0
  !
  interface GigabitEthernet0/0/0/0.134
  !
!
vrf CSC
 address-family ipv4 unicast
  import route-target
   1:1
  !
  export route-target
   1:1
  !
 !
 address-family ipv6 unicast
  import route-target
   1:1
  !
  export route-target
   1:1
  !
 !
!
!
router bgp 2
 address-family ipv4 unicast
 !
 address-family vpnv4 unicast
 !
 neighbor 192.0.2.23
  remote-as 2
  update-source Loopback0
  address-family vpnv4 unicast
   route-policy RPL_LOCAL_PREF in
   next-hop-self
  !
 !
 vrf CSC
  rd 1:1
  address-family ipv4 unicast
   allocate-label all
  !
  neighbor 100.64.142.12
   remote-as 50693
   address-family ipv4 labeled-unicast
    route-policy RPL_EBGP_PEERINGS in
    route-policy RPL_EBGP_PEERINGS out
    as-override
   !
  !
  neighbor 100.64.145.15
   remote-as 50693
   address-family ipv4 labeled-unicast
    route-policy RPL_EBGP_PEERINGS in
    route-policy RPL_EBGP_PEERINGS out
    as-override


---------------------Right Regional SP------------------------------
R12
router isis 50693
 net 49.0000.0000.0000.0012.00
 is-type level-2-only
 metric-style wide
 redistribute bgp 50693 route-map RM_BGP_ROUTES
 mpls ldp autoconfig
!
interface Loopback0
 ip router isis 50693
!
interface GigabitEthernet1.125
 ip router isis 50693
!
interface GigabitEthernet1.129
 ip router isis 50693
!
!
interface GigabitEthernet1.112
 encapsulation dot1Q 112
 ip address 100.64.112.12 255.255.255.0
 mpls bgp forwarding
!
router bgp 50693
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 100.64.112.11 remote-as 2
 neighbor 100.64.142.14 remote-as 2
 neighbor 192.0.2.26 remote-as 50693
 neighbor 192.0.2.26 update-source Loopback0
 !
 address-family ipv4
  network 192.0.2.3 mask 255.255.255.255
  network 192.0.2.13 mask 255.255.255.255
  network 192.0.2.26 mask 255.255.255.255
  neighbor 100.64.112.11 activate
  neighbor 100.64.112.11 allowas-in
  neighbor 100.64.112.11 send-label
  neighbor 100.64.142.14 activate
  neighbor 100.64.142.14 allowas-in
  neighbor 100.64.142.14 send-label
 exit-address-family
 !
 address-family vpnv4
  neighbor 192.0.2.26 activate
  neighbor 192.0.2.26 send-community extended
  neighbor 192.0.2.26 next-hop-self
 exit-address-family

R9
router isis 50693
 net 49.0000.0000.0000.0009.00
 is-type level-2-only
 metric-style wide
 mpls ldp autoconfig
!
interface Loopback0
 ip router isis 50693
!
interface GigabitEthernet1.39
 ip router isis 50693
!
interface GigabitEthernet1.96
 ip router isis 50693
!
interface GigabitEthernet1.129
 ip router isis 50693
!
interface GigabitEthernet1.139
 ip router isis 50693


R3
router isis 50693
 net 49.0000.0000.0000.0003.00
 is-type level-2-only
 metric-style wide
 mpls ldp autoconfig
!
interface Loopback0
 ip router isis 50693
!
interface GigabitEthernet1.39
 ip router isis 50693
!
interface GigabitEthernet1.63
 ip router isis 50693
!
vrf definition CSC
 rd 1:1
 route-target export 1:1
 route-target import 1:1
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
!
interface GigabitEthernet1.34
 encapsulation dot1Q 34
 vrf forwarding CSC
 ip address 100.64.34.3 255.255.255.0
!
router bgp 50693
 bgp log-neighbor-changes
 neighbor 192.0.2.1 remote-as 50693
 neighbor 192.0.2.1 update-source Loopback0
 neighbor 192.0.2.26 remote-as 50693
 neighbor 192.0.2.26 update-source Loopback0
 !
 address-family ipv4
  no neighbor 192.0.2.1 activate
  neighbor 192.0.2.26 activate
  neighbor 192.0.2.26 next-hop-self
  neighbor 192.0.2.26 send-label
 exit-address-family
 !
 address-family vpnv4
  neighbor 192.0.2.1 activate
  neighbor 192.0.2.1 send-community extended
  neighbor 192.0.2.26 activate
  neighbor 192.0.2.26 send-community extended
  neighbor 192.0.2.26 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf CSC
  network 100.64.34.0 mask 255.255.255.0
  neighbor 100.64.34.4 remote-as 65004
  neighbor 100.64.34.4 activate
 exit-address-family

 In Part 2 we will go through a detailed verification and breakdown. 

 Part 2
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)